<?php
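header("Content-Type:text/html; charset=utf-8");
session_start();
require_once('admin/config.php');

// Open the database link that the rest of this script passes to mysql_*().
// NOTE(review): ext/mysql was removed in PHP 7.0, so this file only runs on
// PHP 5.x; moving the application to mysqli or PDO with prepared statements
// is the durable fix.
$conn = mysql_connect($cfg_dbhost, $cfg_dbuser, $cfg_dbpwd);
if ($conn === false || !mysql_select_db($cfg_dbname, $conn)) {
    // Keep the driver's error text in the server log only; the client gets a
    // generic message so connection details are not disclosed.
    error_log('register: database unavailable: ' . mysql_error());
    header('HTTP/1.1 500 Internal Server Error');
    exit('Service temporarily unavailable.');
}

// Read the registration form. A field that is missing, or that arrives as an
// array (e.g. "email[]=x"), is treated as empty instead of raising a notice
// or being cast to the literal string "Array".
$country_id = (isset($_POST["country_id"]) && is_string($_POST["country_id"])) ? strtolower($_POST["country_id"]) : '';
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? strtolower($_POST["email"]) : '';
$company = (isset($_POST["company"]) && is_string($_POST["company"])) ? strtolower($_POST["company"]) : '';
$vat = (isset($_POST["vat"]) && is_string($_POST["vat"])) ? strtolower($_POST["vat"]) : '';
// NOTE(review): lower-casing the password makes it case-insensitive and
// shrinks the keyspace. It is kept here because changing it in this file
// alone would presumably stop existing accounts from matching at login;
// confirm against the login handler before removing it.
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? strtolower($_POST["password"]) : '';
$password_confirmation = (isset($_POST["password_confirmation"]) && is_string($_POST["password_confirmation"])) ? strtolower($_POST["password_confirmation"]) : '';
$terms = (isset($_POST["terms"]) && is_string($_POST["terms"])) ? strtolower($_POST["terms"]) : '';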

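/**
 * Best-effort client address for logging.
 *
 * Candidates are taken from the Client-IP header first, then from each hop
 * listed in X-Forwarded-For. The first candidate that is a well-formed IP
 * address outside the private ranges is returned; otherwise the function
 * falls back to REMOTE_ADDR.
 *
 * Both headers are set by the client (or by any proxy on the path), so the
 * result is only trustworthy when the application sits behind a proxy that
 * overwrites them. Do not use it for access control or rate limiting
 * decisions. Validation with filter_var() guarantees that a header-derived
 * return value is a syntactically valid IP literal and nothing else.
 *
 * The earlier implementation relied on eregi(), which was removed in PHP 7,
 * and its pattern used a non-ASCII bar character between the alternatives,
 * so the private-range test did not work as an alternation.
 *
 * @return string IP address taken from a header, or $_SERVER['REMOTE_ADDR'].
 */
function get_real_ip()
{
    $candidates = array();

    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $candidates[] = $_SERVER['HTTP_CLIENT_IP'];
    }

    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Split on the comma alone and trim below: proxies do not all emit
        // the ", " separator with a trailing space.
        foreach (explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']) as $hop) {
            $candidates[] = $hop;
        }
    }

    foreach ($candidates as $candidate) {
        $candidate = trim((string)$candidate);
        // FILTER_FLAG_NO_PRIV_RANGE rejects 10/8, 172.16/12 and 192.168/16
        // (and the IPv6 private prefixes), and malformed values fail outright.
        if (filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) !== false) {
            return $candidate;
        }
    }

    return $_SERVER['REMOTE_ADDR'];
}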

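/**
 * Print the inline script that shows $message in an alert box and then sends
 * the browser to $location.
 *
 * Both arguments are written into JavaScript string literals without any
 * escaping, so they must be hard-coded strings, never request data.
 *
 * @param string $message  Text for the alert box.
 * @param string $location Relative URL to navigate to afterwards.
 */
function register_alert_redirect($message, $location)
{
    echo "<script language=JavaScript>\r\n";
    echo "alert('" . $message . "');\r\n";
    echo "location.href='" . $location . "'\r\n";
    echo "</script>";
}

/**
 * Character blacklist applied to some of the form fields.
 *
 * Returns the string "ok" when $str CONTAINS one of the blocked tokens and
 * "no" when it does not; the names read inverted, and the callers below
 * depend on them. A blacklist like this is not a defence against SQL
 * injection on its own: every value is also escaped before it is placed in
 * a query.
 *
 * @param string $str Value to inspect.
 * @return string "ok" if a blocked token is present, otherwise "no".
 */
function check($str)
{
    $blocked = array("'", ";", "union", "‘", "#", "!", "*", "&", "^", "$");
    foreach ($blocked as $token) {
        if (strpos($str, $token) !== false) {
            return "ok";
        }
    }
    return "no";
}

if (empty($terms)) {
    register_alert_redirect('Please read and accept the Terms & Conditions!', 'register.php');
} elseif (empty($country_id) || empty($password_confirmation) || empty($password) || empty($email)) {
    register_alert_redirect('Required fields cannot be empty!', 'register.php');
} elseif (
    check($country_id) === "ok"
    || check($password_confirmation) === "ok"
    || check($password) === "ok"
    || check($email) === "ok"
    || check($terms) === "ok"
) {
    register_alert_redirect('Contains illegal characters!', 'register.php');
} elseif ($password !== $password_confirmation) {
    register_alert_redirect('Two password entries are inconsistent!', 'register.php');
} else {
    // Escape every value that reaches SQL. $company and $vat never pass
    // through check(), and the address from get_real_ip() can come from
    // request headers, so string concatenation alone left the INSERT open
    // to injection.
    // NOTE(review): ext/mysql has no prepared statements; escaping is the
    // strongest option available without migrating to mysqli or PDO.
    $sqll = "select * from ph_user where user_name='" . mysql_real_escape_string($email, $conn) . "'";
    $results = mysql_query($sqll, $conn);

    if ($results === false) {
        // A failed lookup must not be read as "user does not exist".
        error_log('register: user lookup failed: ' . mysql_error($conn));
        register_alert_redirect('Registration failed, please try again later!', 'register.php');
    } elseif (mysql_num_rows($results) >= 1) {
        register_alert_redirect('The user already exists!', 'register.php');
    } else {
        $c_time = date('Y-m-d H:i:s');

        // NOTE(review): user_pass receives the password as submitted, in
        // clear text. Storing password_hash() output instead requires the
        // login handler to switch to password_verify() at the same time, so
        // it is flagged here rather than changed in isolation.
        // The company column previously received $company_name, which this
        // script never assigns; the posted value lives in $company.
        $values = array('Nomal', $email, $password, $c_time, $country_id, $company, $vat, get_real_ip());
        $quoted = array();
        foreach ($values as $value) {
            $quoted[] = "'" . mysql_real_escape_string((string)$value, $conn) . "'";
        }
        $sql = "INSERT INTO ph_user(usertype,user_name,user_pass,cdate,country,company_name,vat,ip)VALUES(" . implode(',', $quoted) . ")";

        if (!mysql_query($sql, $conn)) {
            // Do not log the user in or report success when the row was not
            // written (for example when a concurrent request took the name).
            error_log('register: insert failed: ' . mysql_error($conn));
            register_alert_redirect('Registration failed, please try again later!', 'register.php');
        } else {
            // Issue a fresh session id at the moment the session becomes
            // authenticated, so an id known before login cannot be reused.
            session_regenerate_id(true);
            $_SESSION["userislogin"] = "iwaslogined";
            $_SESSION["username"] = $email;
            //$_SESSION["logintype"]="shouji";
            register_alert_redirect('Registration success!', 'dashboard/index.php');
        }
    }
}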
?>